
Website Design Considerations

Website Security

Website security is important, as without it you can be vulnerable to all forms of resource abuse. At its most basic level, website security usually revolves around password protection of parts of your website, such as a members' area or services for which there is a charge. Under Apache this is easily achieved using the .htaccess authentication method. Additionally, CGI programs and JavaScript (JS) can be used to check and register users using session cookies.

But of equal importance, although less obvious, are the website resources themselves. If you are using CGI programs and/or server-side mail facilities you must take care to ensure that they cannot be 'hijacked' from outside.

If you allow online postings to your site make sure that all input is checked and that it is not possible to embed links or sections of code that you do not want.

There are ways to make simple forms invoking CGI programs do all manner of things that the designer did not intend. Nearly all of them are nefarious, and none of them are desirable to you, as it is your website that will appear to be responsible for whatever is done. Without being silly, you should try to give away as little information about your programs as possible, and code them to robustly check their input for potential abuse. This is especially true of any program that has the capacity to send email: in the wrong hands it could become someone else's spamming engine unless you are very careful.

Think about the conditions under which the program may be called and ensure that only these conditions will be accepted. For example, do not allow a mail program to be called from outside of your site; ensure that it will only work if the message has been typed in from within the main website.
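One way to apply the two paragraphs above to a contact-form mailer, shown as an added example in Python rather than code from the original page. The secret, addresses, field names and function names are all assumptions made for illustration: the form carries a signed, time-limited token issued when the site serves it, the recipient is chosen from a fixed server-side list, and every header value is checked before a message is built.

```python
import hashlib
import hmac
import re
import time
from email.message import EmailMessage

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to the browser
RECIPIENTS = {"sales": "sales@example.com", "support": "support@example.com"}
TOKEN_LIFETIME = 3600              # seconds for which a served form stays valid
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def _sign(stamp):
    return hmac.new(SECRET, stamp.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Value for a hidden form field, generated when the site serves the form."""
    stamp = str(int(time.time() if now is None else now))
    return f"{stamp}:{_sign(stamp)}"

def token_is_valid(token, now=None):
    stamp, _, mac = token.partition(":")
    # A matching MAC proves the timestamp is one this site issued.
    if not hmac.compare_digest(mac.encode(), _sign(stamp).encode()):
        return False
    age = (time.time() if now is None else now) - int(stamp)
    return 0 <= age <= TOKEN_LIFETIME

def build_message(form, now=None):
    """Return an EmailMessage for an acceptable submission, else raise ValueError."""
    if not token_is_valid(form.get("token", ""), now):
        raise ValueError("form was not served by this site or has expired")
    if form.get("to") not in RECIPIENTS:        # the visitor picks a key, never an address
        raise ValueError("unknown recipient")
    sender, subject = form.get("from", ""), form.get("subject", "")
    if not ADDRESS.fullmatch(sender):           # fullmatch also rejects embedded newlines
        raise ValueError("bad sender address")
    if "\r" in subject or "\n" in subject or len(subject) > 120:
        raise ValueError("bad subject")         # a line break would start a new mail header
    body = form.get("body", "")
    if not body.strip() or len(body) > 5000:
        raise ValueError("bad body")
    msg = EmailMessage()
    msg["To"] = RECIPIENTS[form["to"]]
    msg["From"] = "webform@example.com"         # fixed envelope identity for the site
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```

The returned message would then be handed to the server's mail facility, for example with smtplib. The token only shows that the form was recently served by the site; it does not stop someone from loading the real form and submitting it repeatedly, so rate limiting is still worth adding.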

Email addresses within webpages can also be 'harvested' by spammers, so find ways to reduce this. The simplest solution is to use JS to disguise the email address within the page, so that whilst it is still recognisable to human eyes (and of course works) it cannot easily be found by an automated trawling routine.

And finally, think about the data that you are putting into your page. For example, do you really need to add your name, address and phone number? Unless there is a good reason to do so, such as business contacts, don't! Identity theft and fraud are a growing problem in this new age...
